Thanks for choosing Orange County Computer, Inc.

Sales: (949) 699-6619 | Support: (949) 699-6619 | 8am – 5pm Monday – Friday : Saturday by Appointment

Orange County Computer INC.
  • See Service Pricing
  • OCC Home
  • About Us
    • Blogs
    • Location Tech Repair Center
    • Orange County IT Company
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Tech Center Services
    • Desktop Repair
    • Laptop Repair
    • Virus Removal
    • Tech Support Services
    • Data Recovery
    • E-Waste Recycling
    • Disaster Recovery
  • Business IT Services
    • Orange County Network Support Services
    • Orange County Cyber Security Company
    • Orange County IT Support Services
    • Enterprise Wifi Solutions
    • Orange County Managed IT Services
    • Managed Services
    • Software Licensing
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Disaster Recovery Solutions
    • Data Backup and Storage Solutions
    • Offsite Backup
    • Software Support
    • Virtualization
    • Firewall & Security
    • Servers
  • Web Services
    • Domain Registrar
    • Hosting Services
    • Web Design
  • See Service Pricing
  • OCC Home
  • About Us
    • Blogs
    • Location Tech Repair Center
    • Orange County IT Company
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Tech Center Services
    • Desktop Repair
    • Laptop Repair
    • Virus Removal
    • Tech Support Services
    • Data Recovery
    • E-Waste Recycling
    • Disaster Recovery
  • Business IT Services
    • Orange County Network Support Services
    • Orange County Cyber Security Company
    • Orange County IT Support Services
    • Enterprise Wifi Solutions
    • Orange County Managed IT Services
    • Managed Services
    • Software Licensing
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Disaster Recovery Solutions
    • Data Backup and Storage Solutions
    • Offsite Backup
    • Software Support
    • Virtualization
    • Firewall & Security
    • Servers
  • Web Services
    • Domain Registrar
    • Hosting Services
    • Web Design

Shellshock is a new security threat worse than Heartbleed

Orange County Computer INC. > OCC News > Shellshock is a new security threat worse than Heartbleed

Shellshock is a new security threat worse than Heartbleed

The Health Information Trust Alliance has issued warnings about Shellshock, a system vulnerability it says could cause much more damage than the infamous Heartbleed bug.

The HITRUST Cyber Threat Intelligence and Incident Coordination Center, known as the C3, announced this past week it has been tracking the remote code execution vulnerability, which it says can allow hackers to bypass commands and execute arbitrary code, leaving OS X and Linux machines open to attack.

“We base the assessment that Shellshock is a more serious vulnerability than Heartbleed due to the ability of potential perpetrators to use the exploit to craft malicious code that enables them to gain complete control of a compromised server,” write HITRUST officials in their dense and detailed threat report.

Heartbleed, of course, has been at least partly responsible for some serious damage to the healthcare industry. This past summer it was revealed that Chinese hackers were able to use the bug’s system vulnerabilities to access some 4.5 million patient records at Community Health Systems – the second largest PHI breach in healthcare history.

Shellshock, is the “worst we’ve seen in many years,” according to one security blogger.

“In retrospect, the grave concern over Heartbleed seems misplaced,” he writes. “As information disclosure bugs go it was a really bad one, but it was only an information disclosure bug and a difficult one to exploit. The sky’s the limit on attacks with Shellshock.”

Indeed, beyond exploiting the new Shellshock bug for DDoS attacks, “other malicious actors could use the exploit to gain unfettered access to a vulnerable server and conduct much more damaging operations – such as sabotaging corporate networks or collecting any information stored on the server, including intellectual property, personally identifiable information, or protected health information,” according to HITRUST.

As HITRUST works with the Department of Homeland Security to monitor the threat, it suggests that, “given increased cyber threat activity affecting healthcare organizations,” healthcare organizations should review their information security controls, “or if unable, then focus on those specifically related to cyber security.”

It offers resources for healthcare security professionals here.

On Sept. 23, HITRUST Chief Executive Officer Daniel Nutkis wrote to Health and Human Services Secretary Sylvia Mathews Burwell, offering an update on “the significant progress made” with regard to healthcare security — and also to spotlight efforts “currently underway to address the risks and implications” of cyber attacks.”

“Continued vigilance is required to protect sensitive healthcare data of American citizens,” he wrote.

As healthcare has recently come to recognize the imperative to protect against cyber crime, HITRUST “identified the need for collaboration among stakeholders, particularly leveraging the expertise of larger, more cyber-sophisticated organizations to assist less sophisticated players,” wrote Nutkis.

In response, HITRUST launched C3 to offer threat intelligence, incident response and other knowledge and strategies unique to the healthcare industry, according to the letter to HHS.

“The C3 facilitates the early identification of cyber-attacks and creation of best practices specific to the healthcare environment and maintains a conduit through the Department of Homeland Security to the broader cyber-intelligence community for analysis support and exchange of threat intelligence,” Nutkis wrote.

“The Center is also the first to track vulnerabilities related to medical devices and electronic health record systems,” he added, “which are both emerging areas of concern.”

If you feel that your system or network has been hacked or is at risk of attack contact the Cyber Security Experts at Orange County Computer® so we can minimize the damage. Call our Tech Center at (949) 699-6619 or visit us online at  OrangeCountyComputer.com. We are happy to help.

15-Year-Seal_Silver

Information originally obtained from  Heathcare IT News’s Mike Miliard.  View the story here.

You might also like

  • Microsoft 365 and CoPilot
  • Hello Windows 11! Farewell Windows 10.
  • Multifactor Authentication (MFA)
  • Cyber Insurance
  • The Power of DNS Filtering
  • Cybersecurity Awareness Month: Social Engineering
  • Cybersecurity Awareness Month
  • Farewell to QuickBooks Desktop Professional 2021: Navigating the Transition
  • PII Compliance – Protecting Your Business from Costly Data Breaches: The Importance of Managed Services
  • CISA Updates #StopRansomware Guide
  • The Safeguards Rule: Financial Institutions Must Protect Client Data!
  • AdSense Fraud Campaign: Is your site infected?
← Warning: Breach of Patient Identification Information
40 Apple iPhone 6 Plus and iPhone 6 tips and tricks →

Recent News

  • Microsoft 365 and CoPilot
  • Hello Windows 11! Farewell Windows 10.
  • Multifactor Authentication (MFA)
  • Cyber Insurance
  • The Power of DNS Filtering

Contact Us

Orange County Computer, Inc.

26150 Enterprise Way, Suite 400
Lake Forest, CA 92630

Sales: (949) 699-6619

Support: (949) 699-6619

Recent Posts

  • Microsoft 365 and CoPilot

    Work Smarter, Not Harder: Automate Tasks with Microsoft 365 CoPilot Are you read

  • Hello Windows 11! Farewell Windows 10.

    Windows 10 Support is Ending: Why Your Business Must Upgrade to Windows 11 Now T

Search

    • Home
    • Site Map
    • Remote Support